From 3ef5d5153f8d7328d5019126ffa70d2fdb8bdc57 Mon Sep 17 00:00:00 2001
From: Praveen M <m.praveen@ibm.com>
Date: Mon, 27 Jan 2025 20:54:46 +0530
Subject: [PATCH] csi: update RBACs needed for csi-omap-generator sidecar

ceph/ceph-csi/pull/4750 added a new controller that watches for the
VolumeGroupReplicationContent CR and regenerates the OMAP data.
This change needs RBACs for VolumeGroupReplicationContent and
VolumeGroupReplicationClass CR.

This commit updates the same for the `rbd-ctrlplugin-cr`
ClusterRole.

Signed-off-by: Praveen M <m.praveen@ibm.com>
---
 config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml |  6 ++++++
 deploy/all-in-one/install.yaml                   | 16 ++++++++++++++++
 deploy/multifile/csi-rbac.yaml                   | 16 ++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
index deba2ba5..a11c9c15 100644
--- a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
+++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
@@ -63,3 +63,9 @@ rules:
   - apiGroups: ["groupsnapshot.storage.k8s.io"]
     resources: ["volumegroupsnapshotcontents/status"]
     verbs: ["update", "patch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationcontents"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationclasses"]
+    verbs: ["get", "list", "watch"]
diff --git a/deploy/all-in-one/install.yaml b/deploy/all-in-one/install.yaml
index 04d830d2..8b6c7744 100644
--- a/deploy/all-in-one/install.yaml
+++ b/deploy/all-in-one/install.yaml
@@ -15218,6 +15218,22 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/deploy/multifile/csi-rbac.yaml b/deploy/multifile/csi-rbac.yaml
index 2835cdd9..5bdbd73b 100644
--- a/deploy/multifile/csi-rbac.yaml
+++ b/deploy/multifile/csi-rbac.yaml
@@ -690,6 +690,22 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole